Slashdot Mirror

dhammala asks: "I am responsible for setting up and maintaining a mail server for small web-hosting type business. We currently host about 75 domains, around 100 mailboxes and due to the efforts of our sales team, we are wanting to get ready for some great increases in those numbers. I am worried about my current configuration and ease of administration. More importantly (well, at least to the customers) is email deliverability -- it seems that messages delivered to some big players are being marked as SPAM or disappearing altogether. I am asking the Slashdot community for it's insight and advise on 1) if my current choice of software/configuration is a good match for this situation and 2) if there any additional measures I might take to ensure email deliverability?" "Here is an overview of our current setup:

• We lease servers at ev1servers.net.
• The servers are running RHEL ES3.
• We chose to use Postfix and have it configured to support virtual users and domains mapped in MySQL tables. The reference I used to configure this setup is located here. We initially chose Postfix over qmail because it was open and over sendmail because the config files are actually readable.
• I have added in SQLGrey grey-listing for Postfix to provide a simple level of SPAM detection for our users. We are not wanting to deal with the customer service and higher box loads of mail scanning at this time. We might choose to use a 3rd party vendor to do this as needed.
• Messages are delivered locally via maildrop in maildir format.
• Courier IMAP is running to support both IMAP and POP access to the mailboxes.
• Postfix Admin was setup for easy mailbox administration.

For deliverabilty, I have/am taking the following steps:

• I have verified that our reverse IP records are correct
• I have created SPF records for all of the domains
• I have verified that our server is not listed in any blacklists (great scanner at dnsstuff.com)
• I have started to install DomainKeys for Postfix

In doing all of that, I have found that our IP is listed in the BlarsBL. Do I need to be concerned about this rogue list? The IP was there before I even began to setup the box.

I have not yet been able to get DomainKeys to work with Postfix. It was during my configuration attempts that I started to question this setup and wondered if this was the best setup for our situation.. this inquiry has lead to this posting.

In a perfect world, I would have an email server that:

• is easy to administer,
• supports automated mailbox setup/removal (currently I can just insert rows into my tables and the mailbox setup is done)
• supports current technologies, like grey-listing, DomainKeys, etc
• is secure
• makes the best use of system resources -- I want to get the 'best bang for the buck'

So what do you think? If I stick with this setup will life be grand? I am open to something new AND even taking the time to learn a new setup. If I do need to switch to something different, my only concern would be the ability to migrate existing mailboxes and messages over to the new setup.

Are there any other technologies or configurations that I need to implement to support the best deliverabilty rates?"

NW writes "As a followup to yesterday story, Eben Moglen of FSF and Larry Rosen of OSI have publically spoken out against Microsoft's Sender-ID license calling it incompatible with the GPL and Open Source. A related eWeek story also covers this and includes the following quote from Eric Allman, the author of Sendmail: "It's pretty clear that it's going to take an act of whatever deity Microsoft worships in order to get them to back down on the sublicensing issue. They made it absolutely clear to us that they were not even going to consider changing this, and the legal folks made it further clear that they would rather see Sender ID die than back down.""

NW writes "As a followup to yesterday story, Eben Moglen of FSF and Larry Rosen of OSI have publically spoken out against Microsoft's Sender-ID license calling it incompatible with the GPL and Open Source. A related eWeek story also covers this and includes the following quote from Eric Allman, the author of Sendmail: "It's pretty clear that it's going to take an act of whatever deity Microsoft worships in order to get them to back down on the sublicensing issue. They made it absolutely clear to us that they were not even going to consider changing this, and the legal folks made it further clear that they would rather see Sender ID die than back down.""

MasTRE writes "After an extended period of polishing and testing, Postfix 2.1 is released. Some highlights: complete documentation rewrite (long overdue!), policy delegation to external code, real-time content filtering _before_ mail is accepted (a top 10 most requested feature in previous versions), major revision of the LDAP/MySQL/PGSQL code. Version 2.2 is in thw works, which promises even more features like client rate limiting and integration of the TLS and IPv6 patches into the official tree. There's never been a better time to migrate from Sendmail (just _had_ to get that in there ;)."

fudgefactor7 writes "Powerhouse software vendor Microsoft and the venerable Sendmail, have formed an alliance to launch a sender authentication plug-in which is hoped will combat email fraud and spam. The plug-in lets organisations verify a message's source before accepting it by automatically checking to see if an email came from where it claims it did. Could this be a sign of the beginning of the end of spam?" Update: 02/26 08:01 GMT by S : Though Microsoft and Sendmail are both working on solutions, there's no official alliance in place between the companies.

ChiefArcher writes "On the footsteps of openssh, Sendmail 8.12.10 has just been released due to a buffer overflow in address parsing. Sendmail states this is potentially remotely exploitable. No updates on the Sendmail site yet, but the FTP site has the release notes."

ChiefArcher writes "On the footsteps of openssh, Sendmail 8.12.10 has just been released due to a buffer overflow in address parsing. Sendmail states this is potentially remotely exploitable. No updates on the Sendmail site yet, but the FTP site has the release notes."

bahamutirc writes "Yet another security problem was discovered by Michal Zalewski in Sendmail 8.12.8, 'a buffer overflow in address parsing due to a char to int conversion problem which is potentially remotely exploitable.' Apparently somebody jumped the gun and posted before Sendmail had a chance to notify anyone, so they had to release it today. Go grab your source." Here's the CERT advisory.

randal writes "A security vulnerability in the Sendmail Mail Transfer Agent (MTA) has been identified by ISS. This bug can give an attacker the ability to gain remote root access to the targeted system. There is no known exploit code of this vulnerability in the wild at this time, but everyone should upgrade immediately. This issue affects all versions since 5.79. Open Source sendmail users can get source for the newest version (8.12.8) as well as patches for 8.9, 8.11, and 8.12 from sendmail.org. Commercial Sendmail customers can find patches at sendmail.com/security. Most major OS vendors will be releasing patches immediately." Update: 03/03 19:23 GMT by T : Reader Patchlevel points out that RedHat and OpenBSD have already issued patches.Update: 03/03 20:45 GMT by T : Reader Claude Meyer links to an update from SuSE, too. Update: 03/03 22:52 GMT by T : djcatnip points out that Apple has released a software update to patch OpenSSL and Sendmail for Mac OS X 10.2.4, and the Slackware site says they have updated to 8.12.8 as well.

randal writes "A security vulnerability in the Sendmail Mail Transfer Agent (MTA) has been identified by ISS. This bug can give an attacker the ability to gain remote root access to the targeted system. There is no known exploit code of this vulnerability in the wild at this time, but everyone should upgrade immediately. This issue affects all versions since 5.79. Open Source sendmail users can get source for the newest version (8.12.8) as well as patches for 8.9, 8.11, and 8.12 from sendmail.org. Commercial Sendmail customers can find patches at sendmail.com/security. Most major OS vendors will be releasing patches immediately." Update: 03/03 19:23 GMT by T : Reader Patchlevel points out that RedHat and OpenBSD have already issued patches.Update: 03/03 20:45 GMT by T : Reader Claude Meyer links to an update from SuSE, too. Update: 03/03 22:52 GMT by T : djcatnip points out that Apple has released a software update to patch OpenSSL and Sendmail for Mac OS X 10.2.4, and the Slackware site says they have updated to 8.12.8 as well.

Robby Russell writes "Paper books have a tendency to accumulate dust, take up large amounts of shelf space and be a painful reminder that you need to get rid of stuff when moving time comes and you find yourself packing up the same Pascal book for an eighth time. Granted, the book provides a level of self-accomplishment and it's always great to have your best books out in direct sight of anyone who may come over to your home or office. You know the type; the ones who are observant and notice the books that you want the world to know that you've read, as if you were to say, 'Been there, done that.' You can't tell me that you don't put some of them up intentionally. ;-)" Russell is taken with O'Reilly's floating-rental system called Safari; read on for his review of the system. (various) author (various) pages (various) publisher O'Reilly and other participating publishers rating 9 reviewer Robby Russell ISBN (various) summary Technical book rental is here, and you may find the convenience a compelling enough factor to give up the paper versions of the available titles.

O'Reilly has come up with an interesting solution to your lack of physical shelf space: a virtual bookshelf. Safari Bookshelf is a great resource for all things technical. They recently went over 1,000 titles available online, 24/7. Several publishers have joined forces with O'Reilly to provide so many titles. Que, Alpha, Sams, Microsoft Press (and O'Reilly itself) are a few of the big-name publishers that are part of Safari. Currently, 75% of all O'Reilly books are available through Safari. (With plans for adding 10+ books per month, the selection is growing rapidly, too.)

Safari subscriptions can be had in 10-, 20- or 30-slot varieties, depending on how much you care to read (and spend). Prices end up close to $1.50 per slot each month, with slight discounts if you buy annually rather than by the month. (A $9.99/month 5-slot shelf is available too, if you just want to test the waters.)

Recently, I had the privilege of giving Safari a test-run thanks to the generous offer made to user groups.

The website's navigation was fairly easy to grasp, and I was able to start searching for books as soon as I logged into the system. O'Reilly's made browsing pleasant, by listing the main categories and allowing you to branch down into subcategories to find the book you may or may not be looking for.

I was given a 10-book shelf to start my trial of Safari. This account would typically go at $14.99/month (or $159.99/year). The bookshelf is great. You can add a book to your bookshelf and you keep it there for 30 days, after which you can remove the book and replace it with a different one. So, you can have 10 books in your "shelf" at any given time, and switch no more than 10 books a month under this account level. That is 120 books a year for roughly $1.33/book. That's impressive.

It just so happened that I was currently working on migrating from Sendmail to Postfix recently and wanted to read up more on Postfix to see if there was more I could do to keep my server running happily. I typed in "postfix" in the search, and voila! 109 books were found with that word in the title or description. The search results allowed me to View by Book and/or View by Section (which I found really helpful by showing me a section of the book that contained the word "postfix"). I scanned a few more books in greater depth, looking at the Table of Contents of various books and even looking at the books' chapter previews. A lot of text to look at before I even decide on checking out a book. Being in a bookstore wouldn't have been this good: you can't search through a bookstore for a specific keyword in all texts and get back these kinds of results.

After reviewing a small handful of books, I felt comfortable with my decision and checked out the appropriately-titled book by Sams, "Postfix" by Richard Blum and added it to my bookshelf. The book will be on my bookshelf for the next 30 days. Immediately, I went over to My Bookshelf and found myself looking through the same text you would find in the paper version of this book (but in the font face and size that I set in my browser preferences). It lets me print a page, send the page as an email to someone, etc. I was reading about open relays, and added a bookmark to the page which shows up on the "My Safari" personal page listing all the books I have currently checked out. That page also shows recent searches, newly available books, public notes, etc. With a few clicks, I can go from my computer desktop to page 152 of The Perl Cookbook which is quicker than me looking through my library of paper books and finding my place.

I have since added six more books and visit My Safari page roughly 5+ times throughout my day to read more on various topics. All this content available anytime I need it, and I still have spaces left in my bookshelf. They do offer 5-slot Safari Bookshelf for those who don't need 10 books a month, which is probably where I would fall. The great thing is that this is very affordable. (After calculating the costs of all the books I had bought in the past year, I could have paid for and viewed roughly 232 books plus the 8 technical books I bought last year.)

On the downside, colleagues who come by my home or office won't see my new copy of MySQL Cookbook because it is online rather than on my shelf showing another O'Reilly animal. I might have to print out the covers and tape them to my old school books to deal with that for the time being, but I am sure that Safari Bookshelf is how I plan to spend money on technical documentation from now on.

If it were a Tom Robbins book however, I couldn't see myself sitting in a cozy chair reading it on a laptop; this idea only makes sense to me for technical information because I am sitting at my computer anyways -- and where else would I need technical documentation?

If this idea intrigues you, visit O'Reilly's Safari Bookshelf page. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

rmmeyer asks: "I'm in the process of building an e-mail server for my company with a new twist. Since most of the clients are going to be Windows based (don't go there, I can't change 'em) and running Outlook (I know, I know...) I need to be able to scan the incoming and outgoing Emails for viruses. A quick check on Freshmeat shows fourty-nine projects related to email viruses. I intend to use Sendmail for the MTA with the milter API for scanning. There appear to be several commercial anti-virus scanners for Linux and at least one Open Source scanner. What are the community's experiences doing this? We expect to have 150 clients and potentially several thousand incoming Emails per day. Points are added for solutions that also include the capability of scanning Samba shares! =)" Ask Slashdot last touched on this issue in this article, from early March of last year, and before that in another article from October of 2000. I'm sure things have changed greatly since then.

Gambit Thirty-Two writes "Old news, but Sendmail has ported their MTA to Linux390." And in other news: sitz writes "It would appear as though some madman has port apache to WinCE <Insert witty beowulf comment here>. It's only been tested on a couple of platforms (including the Jornada 720, and is 'based on the WinNT port, with lots of dirty modifications'. That's still pretty swanky. I've also set up a mirror of this site, which will be up for a couple of weeks." Update: 08/27 15:19 PM GMT by H : Yes, the Sendmail story is a dupe - somebody didn't read my story before posting his. *grin*

WaldoJ asks: "I recently acquired an old Dell P133. So I fixed it up, and now it's got 32MB of RAM and 1.6GB of storage, running Linux and, as of these evening, it's running Sendmail, Apache and Mailman. I've got it plugged in with the rest of my servers, and I intend for this little system to serve as a free mailing list server for local organizations. Technically-speaking, everything is covered. But I can't help but wonder what sort of practical problems that I'll run into, like teaching folks how to administer a list on Mailman, understand what good a mailing list is, obeying mailing list etiquette, etc. Has anybody set up a community mail server like this? I'd like to avoid running into known, documented problems. OTOH, if this hasn't been done, I want to make sure to keep careful notes so that others can set up something similar with a minimum of hassle."

gempabumi asks: "I'm in the process of setting up a production server and I need to decide on an MTA. The main function of the MTA will be to run Mailman mailing lists. Of sendmail, Postfix, exim, and qmail, which MTA do you recommend? What are the strengths/weaknesses of each?"

keytoe asks: "With all the recent discussion around here about spam relaying, black hole lists, spam police and so on I've decided to start taking part. According to the Securing and Testing page on ORBS, running sendmail with FEATURE(relay_local_from) enabled is Bad(tm) and the sendmail folk agree. How could one go about setting up selective relaying from remote dialup users without first knowing where they're coming from? Listing 'aol.com' and 'uswest.net' in '/etc/mail/relay-domains' simply subverts the original goal. I'm aware that authenticated SMTP will move toward this goal, but that needs to be supported on the client side - and it's not there yet for all platforms. Additionally, I've seen suggestions to use a POP-before-SMTP hack, but I'm not using the sendmail POP server. In short, I'm seeking a transparent (to the users) replacement for FEATURE(relay_local_from) that actually -will- pass the ORBS test and keep the nasty people out. Am I screwed?"

keytoe asks: "With all the recent discussion around here about spam relaying, black hole lists, spam police and so on I've decided to start taking part. According to the Securing and Testing page on ORBS, running sendmail with FEATURE(relay_local_from) enabled is Bad(tm) and the sendmail folk agree. How could one go about setting up selective relaying from remote dialup users without first knowing where they're coming from? Listing 'aol.com' and 'uswest.net' in '/etc/mail/relay-domains' simply subverts the original goal. I'm aware that authenticated SMTP will move toward this goal, but that needs to be supported on the client side - and it's not there yet for all platforms. Additionally, I've seen suggestions to use a POP-before-SMTP hack, but I'm not using the sendmail POP server. In short, I'm seeking a transparent (to the users) replacement for FEATURE(relay_local_from) that actually -will- pass the ORBS test and keep the nasty people out. Am I screwed?"

keytoe asks: "With all the recent discussion around here about spam relaying, black hole lists, spam police and so on I've decided to start taking part. According to the Securing and Testing page on ORBS, running sendmail with FEATURE(relay_local_from) enabled is Bad(tm) and the sendmail folk agree. How could one go about setting up selective relaying from remote dialup users without first knowing where they're coming from? Listing 'aol.com' and 'uswest.net' in '/etc/mail/relay-domains' simply subverts the original goal. I'm aware that authenticated SMTP will move toward this goal, but that needs to be supported on the client side - and it's not there yet for all platforms. Additionally, I've seen suggestions to use a POP-before-SMTP hack, but I'm not using the sendmail POP server. In short, I'm seeking a transparent (to the users) replacement for FEATURE(relay_local_from) that actually -will- pass the ORBS test and keep the nasty people out. Am I screwed?"

keytoe asks: "With all the recent discussion around here about spam relaying, black hole lists, spam police and so on I've decided to start taking part. According to the Securing and Testing page on ORBS, running sendmail with FEATURE(relay_local_from) enabled is Bad(tm) and the sendmail folk agree. How could one go about setting up selective relaying from remote dialup users without first knowing where they're coming from? Listing 'aol.com' and 'uswest.net' in '/etc/mail/relay-domains' simply subverts the original goal. I'm aware that authenticated SMTP will move toward this goal, but that needs to be supported on the client side - and it's not there yet for all platforms. Additionally, I've seen suggestions to use a POP-before-SMTP hack, but I'm not using the sendmail POP server. In short, I'm seeking a transparent (to the users) replacement for FEATURE(relay_local_from) that actually -will- pass the ORBS test and keep the nasty people out. Am I screwed?"

Eric Allman, who is one of the primary people behind Sendmail, wrote to let us know that Sendmail 8.10.0 was released. The code itself can be found at sendmail.org or from their FTP sever. A complete list of changes in sendmail 8.10.0 is available on sendmail.net.

Eric Allman, who is one of the primary people behind Sendmail, wrote to let us know that Sendmail 8.10.0 was released. The code itself can be found at sendmail.org or from their FTP sever. A complete list of changes in sendmail 8.10.0 is available on sendmail.net.

Charles Ying writes "sendmail.net is reporting that Sendmail 8.10.0 Beta has been released to the public. The Sendmail Consortium hopes to get more wide spread testing from the open source community. Sendmail 8.10 has a lot of new features such as IPv6 support, SMTP AUTH, multiple mail queues, improved anti-spam capabilities, and updated LDAP support. "

Occasionally someone submits a feature that really raises my eyebrow. Jack William Bell did just that by submitting 'Open Source as an Ant Farm'. Its a really interesting piece that talks about code as art, and much more. Its quite funny, and its got a lot to think about. Click now, you won't regret it. Open Source as an Ant Farm by Jack William Bell

Where Open Source is concerned, hyperbole from the digerteratti hype meisters proliferates nearly as quickly as the hyperlinks they hype. Let's face it -- Clapton has been deposed; Linus Torvalds is now God. And those pundits shouting his divinity the loudest can^Òt even tell a stack register from a walrus. I wonder if Jesus had the same problem?

This constant lionizing of Linus is getting on my nerves. I mean, he is probably a great guy and all (if you know what I mean), but a great man? Usually you wait until people are safely dead (and unable to further embarrass themselves) before heaping those kinds of laurels on their heads. If I was he I would start worrying about that strange human proclivity for taking our living idols down a notch once in a while. Or even nailing them to a tree. Not to mention burning at the stake, drawing and quartering and satirizin g on TV.

But I knew things were getting ridiculous this last week when I saw three different weblogs pointing to the same dumb article using variations on the same dumb caption: 'Open Source as an Art Form' . I mean come on, just because a bunch of nutzoid art types gives Torvalds an award for Linux doesn't mean that an operating system or a development model is art! Yeesh!

Not that I don't think of programming as art mind you. After all I am a programmer myself and I often like to compare what I do to the creation of art. A kind of raw industrial art perpetuated underneath the digital world by Morlo cks like myself while the Eloi cavort on the surface, unaware of the immense complexity (and fragility) of their world. In other words code is art, but it is exclusionist art. No more approachable to the everyday person than a Jackson Pollock work. And twice as incomprehensible!

After all if everyone could do it, it wouldn't be art, would it? It would be just another craft. And if everyone could appreciate good code the way I appreciate the Impressionists then it would be 'Classical' (read 'Dead') Art. Not something alive and thriving. Bubbling and fermenting and making funny smells the way the process of hacking out good code does.

But, you say, it is being appreciated just as you would like! After all, isn't that what the award was all about?

Well, no frankly. Not even close. In my opinion if you can't write good code you can't appreciate good code. At the most you can only appreciate the end result, the compiled program. And, while some programs are definitely 'art' in their own right, many others cannot be described as such based on their even visible-to-the-user external features. And Linux, while a work of art in my programmer eyes, is really just a kernel. A piece of code that, if everything is working right, the user will never see directly. Some of my peers would agree with this. Some will not. As always opinions are all over the map...

One poster on Slashdot tried to have it both ways when he opined "Which part of the programming is the art? Is it the code, neatly formatted, with creative comments and clever algorithms or is it the finished product? When you look at 'art' in a museum, all you see is the finished product . . . So which is the art? The code or the program? I personally think it's the program, and beautiful programs usually have very nice/efficient/clean code."

While another lamented "When the New Yorker compares Open Source to the Algonquin roundtable, the seventh seal will be complete and Microsoft will be free to release Windows 2000."

And another asks "So how is this art going to be displayed? Will art galleries have framed printouts of C code, or will they just give out Linux CDs?"

How indeed? Well, if you read the dumb article I mentioned above you will find the author's thesis is that neither the source code nor the compiled Linux kernel code is the issue, rather the art in question is the Open Source development model that built it! He bases this proposition the following facts:

• China Youth Daily used the Microsoft consternation over Open Source for propaganda purposes.
• The Open Source development model (as described by Eric Raymond) is about cooperation and participation.
• Indian Potlatches were about cooperation and participation.
• The Surrealists did some stuff that involved cooperation and participation.
• A lot of twentieth century art uses 'quotation' (like painting soup cans or sampling 1970's Rock and Roll for Rap music) and 'quotation' is kind of like Open Source, isn't it?
• John Myatt's art forgery scam was kind of like 'quotation' too! And it was kind of like art as well
• When some people share a pseudonym to do wacky performance art, and then someone else uses the same nom de plume to crack a web site or to write an on-line 'tag-team' novel you have cooperation and participation and quotation and propaganda all rolled into one, with an Internet connection as a sweetener!

My first thought on reading the article was "Huh?" Then I reread and listed the salient points above and reiterated "Huh?"

Clearly Harvey Blume isn't a programmer. If he was I wouldn't trust him to code a 'for' loop based on his demonstrated grasp of simple logic. Nonetheless if he had simply stated that Open Source programming with the Bazaar model is 'Art' because he says it was art I would have much less to quibble with. After all art, like beauty, is in the eye of the beholder. Only he didn't. Instead he chose to defend his allegation using arguments that indicate he doesn't understand anything about the subject. In other words, I cannot say Mr. Blume is wrong, but I can state with near certainty that he is the wrong person to make the claim. He might be right, but for the wrong reasons.

So, assuming you can call a development model an art form -- how do you hang it on the wall? I would argue that it is already there. The main point about Open Source is that it is (wait for it) . . . OPEN! Duh^Å Unlike 'Closed' development the source code is available for all to see. And often the discussions between developers are available as well, archived on one list server or another. In the Internet sense you can't get up against the wall any more that that!

But what does the average art lover see hanging there? Open Source as an Art Form? I think not. More like Open Source as an Ant Farm! At most they will get a glimpse of we scurrying workers as we toil underground. But they will never, ever understand. As I said before, I am OK with that.

Non programmer types can present art awards for Linux or even Sendmail if they like, but it doesn't signify to me. In my opinion these awards mean nothing until they are given by someone who understands why the jargon file definition of 'Recursion' is funny. Until then I would rather they just threw money. Wouldn't you?

Occasionally someone submits a feature that really raises my eyebrow. Jack William Bell did just that by submitting 'Open Source as an Ant Farm'. Its a really interesting piece that talks about code as art, and much more. Its quite funny, and its got a lot to think about. Click now, you won't regret it. Open Source as an Ant Farm by Jack William Bell

Where Open Source is concerned, hyperbole from the digerteratti hype meisters proliferates nearly as quickly as the hyperlinks they hype. Let's face it -- Clapton has been deposed; Linus Torvalds is now God. And those pundits shouting his divinity the loudest can^Òt even tell a stack register from a walrus. I wonder if Jesus had the same problem?

This constant lionizing of Linus is getting on my nerves. I mean, he is probably a great guy and all (if you know what I mean), but a great man? Usually you wait until people are safely dead (and unable to further embarrass themselves) before heaping those kinds of laurels on their heads. If I was he I would start worrying about that strange human proclivity for taking our living idols down a notch once in a while. Or even nailing them to a tree. Not to mention burning at the stake, drawing and quartering and satirizin g on TV.

But I knew things were getting ridiculous this last week when I saw three different weblogs pointing to the same dumb article using variations on the same dumb caption: 'Open Source as an Art Form' . I mean come on, just because a bunch of nutzoid art types gives Torvalds an award for Linux doesn't mean that an operating system or a development model is art! Yeesh!

Not that I don't think of programming as art mind you. After all I am a programmer myself and I often like to compare what I do to the creation of art. A kind of raw industrial art perpetuated underneath the digital world by Morlo cks like myself while the Eloi cavort on the surface, unaware of the immense complexity (and fragility) of their world. In other words code is art, but it is exclusionist art. No more approachable to the everyday person than a Jackson Pollock work. And twice as incomprehensible!

After all if everyone could do it, it wouldn't be art, would it? It would be just another craft. And if everyone could appreciate good code the way I appreciate the Impressionists then it would be 'Classical' (read 'Dead') Art. Not something alive and thriving. Bubbling and fermenting and making funny smells the way the process of hacking out good code does.

But, you say, it is being appreciated just as you would like! After all, isn't that what the award was all about?

Well, no frankly. Not even close. In my opinion if you can't write good code you can't appreciate good code. At the most you can only appreciate the end result, the compiled program. And, while some programs are definitely 'art' in their own right, many others cannot be described as such based on their even visible-to-the-user external features. And Linux, while a work of art in my programmer eyes, is really just a kernel. A piece of code that, if everything is working right, the user will never see directly. Some of my peers would agree with this. Some will not. As always opinions are all over the map...

One poster on Slashdot tried to have it both ways when he opined "Which part of the programming is the art? Is it the code, neatly formatted, with creative comments and clever algorithms or is it the finished product? When you look at 'art' in a museum, all you see is the finished product . . . So which is the art? The code or the program? I personally think it's the program, and beautiful programs usually have very nice/efficient/clean code."

While another lamented "When the New Yorker compares Open Source to the Algonquin roundtable, the seventh seal will be complete and Microsoft will be free to release Windows 2000."

And another asks "So how is this art going to be displayed? Will art galleries have framed printouts of C code, or will they just give out Linux CDs?"

How indeed? Well, if you read the dumb article I mentioned above you will find the author's thesis is that neither the source code nor the compiled Linux kernel code is the issue, rather the art in question is the Open Source development model that built it! He bases this proposition the following facts:

• China Youth Daily used the Microsoft consternation over Open Source for propaganda purposes.
• The Open Source development model (as described by Eric Raymond) is about cooperation and participation.
• Indian Potlatches were about cooperation and participation.
• The Surrealists did some stuff that involved cooperation and participation.
• A lot of twentieth century art uses 'quotation' (like painting soup cans or sampling 1970's Rock and Roll for Rap music) and 'quotation' is kind of like Open Source, isn't it?
• John Myatt's art forgery scam was kind of like 'quotation' too! And it was kind of like art as well
• When some people share a pseudonym to do wacky performance art, and then someone else uses the same nom de plume to crack a web site or to write an on-line 'tag-team' novel you have cooperation and participation and quotation and propaganda all rolled into one, with an Internet connection as a sweetener!

My first thought on reading the article was "Huh?" Then I reread and listed the salient points above and reiterated "Huh?"

Clearly Harvey Blume isn't a programmer. If he was I wouldn't trust him to code a 'for' loop based on his demonstrated grasp of simple logic. Nonetheless if he had simply stated that Open Source programming with the Bazaar model is 'Art' because he says it was art I would have much less to quibble with. After all art, like beauty, is in the eye of the beholder. Only he didn't. Instead he chose to defend his allegation using arguments that indicate he doesn't understand anything about the subject. In other words, I cannot say Mr. Blume is wrong, but I can state with near certainty that he is the wrong person to make the claim. He might be right, but for the wrong reasons.

So, assuming you can call a development model an art form -- how do you hang it on the wall? I would argue that it is already there. The main point about Open Source is that it is (wait for it) . . . OPEN! Duh^Å Unlike 'Closed' development the source code is available for all to see. And often the discussions between developers are available as well, archived on one list server or another. In the Internet sense you can't get up against the wall any more that that!

But what does the average art lover see hanging there? Open Source as an Art Form? I think not. More like Open Source as an Ant Farm! At most they will get a glimpse of we scurrying workers as we toil underground. But they will never, ever understand. As I said before, I am OK with that.

Non programmer types can present art awards for Linux or even Sendmail if they like, but it doesn't signify to me. In my opinion these awards mean nothing until they are given by someone who understands why the jargon file definition of 'Recursion' is funny. Until then I would rather they just threw money. Wouldn't you?

Kai Voigt wrote in to remind us that Sendmail is beta testing 8.9.0, which features Spam Control in the form of rejecting unresolvable domains and relays. Sounds wonderful.